Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 529
Alerts This Week
Warning Icon 1 529

SUSE: 2018:2403-1 Important: Mutt Patch For Multiple Issues

suse
Calendar Grey August 17, 2018
Scroller Suse Esm H88
SUSE has released a critical security patch addressing 11 vulnerabilities in mutt. Ensure your systems are updated and fortified promptly.
An update that solves 11 vulnerabilities and has one errata is now available

Summary

This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without

References

#1101567 #1101570 #1101571 #1101573 #1101576

#1101577 #1101578 #1101581 #1101582 #1101588

#1101589 #936807

Cross- CVE-2018-14349 CVE-2018-14350 CVE-2018-14352

CVE-2018-14353 CVE-2018-14354 CVE-2018-14355

CVE-2018-14356 CVE-2018-14357 CVE-2018-14358

CVE-2018-14359 CVE-2018-14362

Affected Products:

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2018-14349.html

https://www.suse.com/security/cve/CVE-2018-14350.html

https://www.suse.com/security/cve/CVE-2018-14352.html

https://www.suse.com/security/cve/CVE-2018-14353.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2403-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.